[cabfpub] Mozilla SHA-1 further restrictions
Gervase Markham
gerv at mozilla.org
Mon Nov 21 19:12:45 UTC 2016
On 18/11/16 15:27, Rob Stradling wrote:
> RFC6962 precertificates are X.509 certificates, but 6962-bis
> precertificates are CMS signed-data objects.
>
> See
> https://tools.ietf.org/id/draft-ietf-trans-rfc6962-bis-20.html#rfc.section.3.2
>
> Does that make them "non-certificate data" ?
Hang on... why would someone be signing one of these using SHA-1? SHA-1
use in the WebPKI is banned.
Gerv
More information about the Public
mailing list